On Sep 30, 2004, at 3:26 AM, Damian Menscher wrote:
On Wed, 29 Sep 2004 [EMAIL PROTECTED] wrote:
... It's interesting that viruses are finally starting to implement what
we were joking about in 1995 at high school...
I'm impressed with how far we've come. Less than a year ago, I could most email viruses with simple procmail scripts. Now even antivirus products are having difficulty keeping up with the threats.
But for the jpeg threat, as I understand it, patching systems *should* fix this so even if a "virus" does get loose on your system (jpeg virus), it shouldn't have an effect. The problem is with the way it's interpreted by some libraries in Windows. Slightly different than running an executable (who would have thought a few years ago that spreading a virus would be as simple as an anonymous email with a .exe attached saying, "This is neat, UsEr! Run this program!"...AND THEY DO!?? AARGH!).
Once all bazillion Windows machines are patched by all the users on the planet who know more about their computer than where the on/off switch is, this "jpeg virus" threat will be a minor footnote in computer history.
</turns blue trying to keep from laughing at the sheer ridiculousness of the situation..>
You do realize, of course, in several years there's a distinct possibility that this will turn into a "minefield" with otherwise harmless jpegs (to some platforms) winding up on web pages for viewing. Some people patch, some don't, eventually...*foom*...infected on those systems the user never patched. This will be happening five years from now.
The only way to really "fix" it is to either A) fix the libraries with the problem or B) create a screen program that processes EVERY jpg, resaving them in a "stripped" form so the executable code won't exist in the new copy, and forward it or present it to the user...this would have to be done like some kind of web browser plugin or something of that nature.
At least, those are two ideas I see as possible. The second one would be a real PITA, though. Both require users to update their systems or antivirus programs or spyware programs...<GOOD LUCK>. Here's another thing...what's with spyware and viruses mixing now? Five years ago viruses were viruses, slimy company advertising was slimy company advertising. Now, my Windows antivirus is picking up "trojan" adware and viruses and my spybot is searching for Bagle?!? This is getting bloody crazy. Now that virus vectors are coming through email rather than just sharing programs, and are increasingly shifting towards infection via web browsing, how long before Clam will need to be run with some sort of web proxy plugin via Squid?? But now I'm just ranting...
-Bart
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
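A sketch of option B from the message above (a screening step that passes on only a "stripped" copy of each JPEG), as an added example that is not part of the original post. It assumes "stripped" means rejecting any file whose segment lengths are inconsistent and dropping comment segments, application metadata segments and trailing bytes; `strip_jpeg`, `MalformedJpeg`, `DROP` and `SAMPLE` are names made up for this example.

```python
# Dropped from the stripped copy: COM (0xFE) and APP1-APP15, except APP14
# (Adobe colour-transform flag). Keeping APP0, the JFIF header, is an assumption.
DROP = (set(range(0xE1, 0xF0)) - {0xEE}) | {0xFE}

# Constructed marker skeleton, not a decodable image: SOI, APP0, COM, SOS, EOI, junk.
SAMPLE = (b"\xff\xd8" + b"\xff\xe0\x00\x04JF" + b"\xff\xfe\x00\x05hey"
          + b"\xff\xda\x00\x02" + b"\x12\xff\x00" + b"\xff\xd9" + b"junk")

class MalformedJpeg(ValueError):
    """The marker structure is inconsistent; reject the file, do not forward it."""

def _scan_end(data: bytes, pos: int) -> int:
    """Return the offset of the first real marker after entropy-coded scan data."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos < 0 or pos + 1 >= len(data):
            raise MalformedJpeg("scan data is not terminated by a marker")
        nxt = data[pos + 1]
        if nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
            return pos
        pos += 1 if nxt == 0xFF else 2           # fill byte, else stuffed 00 / RSTn

def strip_jpeg(data: bytes) -> bytes:
    """Check every segment length and return a copy without metadata segments."""
    if data[:2] != b"\xff\xd8":
        raise MalformedJpeg("missing SOI marker")
    out, pos = bytearray(b"\xff\xd8"), 2
    while True:
        if pos + 2 > len(data) or data[pos] != 0xFF:
            raise MalformedJpeg(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                       # EOI: anything after it is dropped
            return bytes(out + b"\xff\xd9")
        if marker in (0x00, 0x01) or 0xD0 <= marker <= 0xD8:
            raise MalformedJpeg(f"marker 0x{marker:02X} not allowed at offset {pos}")
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        end = pos + 2 + length
        if length < 2 or end > len(data):        # length counts its own two bytes
            raise MalformedJpeg(f"bad length {length} in segment 0x{marker:02X}")
        if marker not in DROP:
            out += data[pos:end]
        if marker == 0xDA:                       # SOS: copy the scan data as well
            start, end = end, _scan_end(data, end)
            out += data[start:end]
        pos = end
```

This checks container structure only and copies the compressed scan data unchanged, so it does not replace option A: a flaw in how a library decodes the image data itself would still need the library fix.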